RE: [FW1] ISAKMP
ISAKMP (Internet Security Association and Key Management Protocol) is a standard by the IETF. It is used for automatic asymmetric and symmetric key exchanges over the Internet. In a nutshell, it has two phases.

Phase 1 - The Certificate Authority's (CA) public keys are exchanged, and then the Diffie-Hellman (DH) public keys are exchanged. The DH public keys are signed by the CA private key in order to authenticate the DH keys. This is the reason for the exchange of the CA public keys. Once authenticated, the DH keys are used to arrive at a shared session key (symmetric) that in turn is used for the encryption of data. So in phase one the asymmetric key exchange takes place.

..... Enter Phase II

Get to the shared secret and negotiate the packet encryption (DES, 3DES) and authentication algorithms (SHA1 and MD5), encapsulation scheme (tunnel or in-place/transport), etc., also known as a security association (SA). Once the security association is set up, the data can be encrypted and decrypted on both ends.

Internet Key Exchange (IKE) utilizes ISAKMP/Oakley for key negotiations and IPSEC for data encryption and really kicks ass!!

Hope this helps.

Amit Kaushal
Security consultant

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Wednesday, January 24, 2001 6:34 AM
To: [email protected]
Subject: [FW1] ISAKMP

Hi all,

can anyone explain ISAKMP to me with 10 to 20 sentences?

Thanks,
Joerg

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
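The two phases described in the reply above can be told apart on the wire from the fixed ISAKMP header alone. The following is an added example, not part of the original message: it assumes the 28-byte header layout from RFC 2408 and the exchange-type numbers from RFC 2408 and RFC 2409, and the sample headers are constructed, not captured traffic.

```python
import struct

# ISAKMP fixed header (RFC 2408, section 3.1): 28 bytes, network byte order.
# initiator cookie, responder cookie, next payload, version, exchange type,
# flags, message ID, total length.
HEADER = struct.Struct("!8s8sBBBBII")

# Exchange types from RFC 2408 and RFC 2409 (IKEv1).
EXCHANGE_TYPES = {
    1: "Base", 2: "Identity Protection (Main Mode)", 3: "Authentication Only",
    4: "Aggressive", 5: "Informational", 32: "Quick Mode", 33: "New Group Mode",
}
PHASE1 = {2, 4}   # exchanges that build the ISAKMP SA
PHASE2 = {32}     # Quick Mode negotiates the IPsec SAs

def parse_isakmp_header(data: bytes) -> dict:
    """Parse the fixed ISAKMP header and classify the negotiation phase."""
    if len(data) < HEADER.size:
        raise ValueError("truncated ISAKMP header")
    icookie, rcookie, nxt, version, xchg, flags, msg_id, length = HEADER.unpack_from(data)
    if length < HEADER.size:
        raise ValueError("length field smaller than the header itself")
    if xchg in PHASE1 and msg_id == 0:      # Phase 1 always uses message ID 0
        phase = 1
    elif xchg in PHASE2 and msg_id != 0:    # each Quick Mode has its own non-zero ID
        phase = 2
    else:
        phase = None                        # informational, unknown or inconsistent
    return {
        "initiator_cookie": icookie.hex(),
        "responder_cookie": rcookie.hex(),
        "next_payload": nxt,
        "version": (version >> 4, version & 0x0F),
        "exchange": EXCHANGE_TYPES.get(xchg, f"unknown ({xchg})"),
        "encrypted": bool(flags & 0x01),
        "message_id": msg_id,
        "length": length,
        "phase": phase,
    }

# Constructed header-only samples: first Main Mode message, then a Quick Mode message.
SAMPLE_MAIN_MODE = HEADER.pack(bytes.fromhex("1122334455667788"), bytes(8), 1, 0x10, 2, 0, 0, 28)
SAMPLE_QUICK_MODE = HEADER.pack(bytes.fromhex("1122334455667788"),
                                bytes.fromhex("99aabbccddeeff00"), 8, 0x10, 32, 1, 0x0BADF00D, 28)

if __name__ == "__main__":
    for pkt in (SAMPLE_MAIN_MODE, SAMPLE_QUICK_MODE):
        print(parse_isakmp_header(pkt))
```
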